Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Flare has XSS vulnerability in Raw File Preview
Vulnerability Description
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG (or other active content formats such as HTML or XML), an attacker can achieve script execution in the context of the application's origin when a victim views the file in “raw” mode. This results in a stored Cross-Site Scripting (XSS) vulnerability that can be exploited to exfiltrate user data. This issue has been fixed in version 1.7.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Flare 跨站脚本漏洞
Vulnerability Description
Flare是Zachary Lowery个人开发者的一个文件共享平台。 Flare 1.7.0及之前版本存在跨站脚本漏洞,该漏洞源于文件上传时内容验证或清理不当,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A